Facebook has settled a sweeping privacy complaint in the US after the Federal Trade Commission accused the company of deceiving its users by failing to honour promises to keep their personal information private.

Mark Zuckerberg, chief executive, defended Facebook’s overall handling of its users’ personal information in a blog post published after the settlement was announced, although he added: “I’m the first to admit that we’ve made a bunch ofmistakes.”

Among a “small number of high-profile mistakes”, he added, were the launch four years ago of Beacon, an advertising system that reported users’ purchases to their Facebook contacts, and the series of changes in 2009 that affected the privacy settings of all Facebook users.

The FTC said it believed the company had breached the US Fair Trade Act by “repeatedly” allowing private information to be shared with other users or to be made public.

The agency, which does not have the power to fine the company, said that it had extracted an agreement from Facebook not to override its users’ privacy settings without “affirmative express consent”. It also said the company had agreed to independent audits of its privacy practices every two years for the next two decades, echoing a similar verification process agreed to by Google after complaints about privacy breaches in its own former social networking service, Buzz.

The settlement was welcomed by privacy advocates. “It will give Facebook users greater control over the information they post on the service,” said Marc Rotenberg, head of the Electronic Privacy Information Center, which had led a complaint to the FTC along with other organisations in 2009.

However, he criticised the agency for not forcing Facebook to switch its privacy settings back to their more stringent pre-2009 levels, leaving it free to continue to use information that he said had been “improperly obtained”.

Among the Facebook breaches listed by the FTC were the 2009 changes that made public information that had previously been designated as private, such as lists of friends. “They didn’t warn users that this change was coming, or get their approval in advance,” the agency said.

It also said the company had continued to make information available even after users deactivated or deleted their accounts, and had shared personal information with advertisers and the makers of third-party apps that run on the site when it had promised not to.

Facebook said on Tuesday that it had already made changes to its procedures to deal with most of the issues raised by the regulators.

It also announced the appointment of two chief privacy officers, one to oversee its policy and the other to vet new products and services.